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Abstract: We consider turn-based game arenas for which we investigate uniformity properties 
of strategies. These properties involve bundles of plays, that arise from some semantical motive. 
Typically, we can represent constraints on allowed strategies, such as being observation-based. 
We propose a formal language to specify uniformity properties and demonstrate its relevance by 
rephrasing various known problems from the literature. Note that the ability to correlate different 
plays cannot be achieved by any branching-time logic if not equipped with an additional modality, 
so-called R in this contribution. We also study an automated procedure to synthesize strategies 
subject to a uniformity property, which strictly extends existing results based on, say standard 
temporal logics. We exhibit a generic solution for the synthesis problem provided the bundles of 
plays rely on any binary relation definable by a finite state transducer. This solution yields a 
non-elementary procedure. 
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Strategies uniformes 



Resume : Nous considerons des arenes de jeux pour lesquelles nous etudions des proprietes 
d'uniformite des strategies. Ces proprietes font intervenir des ensembles de parties, qui emer- 
gent d'une quelconque motivation semantique. Typiquement, nous pouvons representer des con- 
traintes sur les strategies autorisees, comme par exemple etre observationnelles. Nous proposons 
un language formel pour specifier les proprietes d'uniformite et demontrons sa pertinence en re- 
formulant divers problemes connus de la litterature. Noter que la capacite a correler differentes 
parties ne peut etre obtenue par aucune logique du temps arborescent a moins de Tcquipcr d'une 
niodalitc supplcmcntaire, appclcc R dans ccttc contribution. Nous etudions aussi une proce- 
dure de synthese automatique de strategies soumiscs a une propriete d'uniformite, qui etend 
strictement les resultats existants bases sur la logique tcinporelle standard. Nous proposons une 
solution gcncriquc pour Ic problcnie dc la synthese dans le cas ou les ensembles de parties sont 
caracterises par une relation binaire definissable par un transducteur fini. Cette solution donne 
une procedure non-elementaire. 

Mots-cles : theorie des jeux, logique temporelle, logique epistemique, strategies uniformes 
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1 Introduction 

In extensive (finite or infinite duration) games, the arena is represented as a graph whose vertices 
denote positions of players and whose paths denote plays. In this context, a strategy of a player 
is a mapping prescribing to this player which next position to select provided she has to make 
a choice at this current point of the play. As mathematical objects, strategies can be seen as 
infinite trees those of which are obtained by pruning the infinite unfolding of the arena according 
to the selection prescribed by this strategy; outcomes of a strategy are therefore the branches of 
the trees. 

Strategies of players are not arbitrary in general, since players aim at achieving some objec- 
tives: in classic game theory with finite-duration plays, the reasonable rationality assumption 
leads players to play in such a way that they maximize their pay-off. More recently, (infinite- 
duration) game models have been intensively studied for their applications in computer science 
[AGllJ and logic [GTW02J. First, infinite-duration games provide a natural abstraction of com- 
puting systems' non-terminating interaction |AHK02] (think of a communication protocol be- 
tween a printer and its users, or control systems). Second, infinite-duration games naturally 
occur as a tool to handle logical systems for the specification of non-terminating behaviors, such 
as for the propositional /x-calculus |EJ91| . leading to a powerful theory of automata, logics and 
infinite games |GTW02l and to the development of algorithms for the automatic verification 
("model-checking") and synthesis of hardware and software systems. 

Additionally, the cross fertilization of multi-agent systems and distributed systems theories 
has led to equip logical systems with additional modalities, such as epistemic ones, to capture 
uncertainty |Sat77l iLehSl IFHV91I IPR85I ILR86I IHV89| . and more recently, these logical systems 
have been adapted to game models in order to reason about knowledge, time and strategies 
[vdH WOSl IJH04I IDEG10| . The whole picture then becomes intricate, mainly because time and 
knowledge are essentially orthogonal, yielding a complex theoretical universe to reason about. 
In order to understand to which extent knowledge and time are orthogonal, the angle of view 
where strategies are infinite trees is helpful: Time is about the vertical dimension of the trees as 
it relates to the ordering of encountered positions along plays (branches) and to the branching 
in the tree. On the contrary. Knowledge is about the horizontal dimension, as it relates plays 
carrying, e.g., the same information. 

As far as we know, this horizontal dimension, although extensively studied when in terpreted 
as knowledge or observation |AVW03llvdHW03l[JH0llBen05llPR05llCDHR06llACC07[lDEG10| . 



has not been addressed in its generality. In this paper, we aim at providing a unified setting 
to handle it. We introduce the generic notion of uniformity properties and associated so-called 
uniform strategies (those satisfying uniformity properties) . Some notions of "uniform" strategies 
have already been used, e.g., in the setting of strategic logics [VBOll IBenOSI IJH04| and in the 
evaluation game of Dependence Logic |Vaa07| . which both fall into the general framework we 
present here. 

We have chosen to tell our story in a simple framework where games are described by two- 
player turn-based arenas in which all information is put inside the positions, and not on the 
edges. However, the entire theory can be adapted to more sophisticated models, e.g. with labels 
on edges, multi-players, concurrent games, . . .Additionally, although uniformity properties can 
be described in a set-theoretic framework, we have chosen to use a logical formalism which can 
be exploited to address fundamental automated techniques such as the verification of uniformity 
properties and the synthesis of uniform strategies - arbitrary uniformity properties are in general 
hopeless for automation. The formalism we use combines the Linear-time Temporal Logic LTL 
IGPSSSO] and a new modality R (for "for all related plays") , the semantics of which is given by 
a binary relation between plays. Modality R generalizes the knowledge operator K of [HV89| 
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for the epistemic relations of agents in Interpreted Systems. The semantic binary relations 
between plays are very little constrained: they are not necessarily equivalences, to capture, e.g. 
plausibility (pre) orders one finds in doxastic logic |Hin62| . neither are they knowledge-based, to 
capture particular strategies in games where epistemic aspects are irrelevant. Formulas of the 
logic are interpreted over outcomes of a strategy. The R modality allows to universally quantify 
over all plays that are in relation with the current play. Distinguishing between the universal 
quantification over all plays in the game and the universal quantification over all the outcomes 
in the strategy tree yields two kinds of uniform strategies: the fully-uniform strategies and the 
strictly-uniform strategies. 

As announced earlier, we illustrate the suitability of our notions by borrowing many frame- 
works from the literature: strategies for games with imperfect information, games with opacity 
conditions, the non-interference properties of computing systems, diagnosability of discrete-event 
systems (with a proposal for a formal definition of prognosis), and finally the evaluation game 
for Dependence Logic. Proofs of Section |2] are omitted due to lack of space, but they are quite 
simple. Through these examples we show that both notions, strict uniformity and full unifor- 
mity, are relevant and incomparable. These examples also demonstrate that defining uniformity 
properties with our formal language is convenient and intuitive. There are even more instances 
of uniform strategies in the literature, but the numerous examples we give here are already 
convincing enough to justify the relevance of the notion. 

Next we turn to the automated synthesis of uniform strategies. For this purpose, we unsur- 
prisingly restrict to finite arenas and to binary relations between plays that are finitely repre- 
sentable: we use finite state transducers |Ber79| . an adequate device to characterize a large class 
of binary relations between sequences of symbols, hence they can be used to relate sequences of 
positions, i.e. plays. Incidentally, all binary relations that are involved in the relevant literature 
seem to follow this restriction. In this context, we address the problem of the existence of a 
fully-uniform strategy: "given a finite arena, a finite state transducer describing a binary relation 
between plays, and a formula expressing a uniformity property, does there exist a fully-uniform 
strategy for Player 1?". We prove that this problem is decidable by designing an algorithm. 
This algorithm involves a non-trivial powerset construction from the arena and the finite state 
transducer. This construction needs being iterated a number of times that matches the maxi- 
mum number of nested R modalities in the formula specifying the uniformity property. As each 
powerset construction is computed in exponential time, the overall procedure is non-elementary. 
Regarding the decision problem for the existence of a strictly-uniform strategy, its decidability 
is an open problem. 

The paper is organized as follows, in Section[5]we set the mathematical framework: we intro- 
duce the notion of uniform strategies and we present the formal language to specify uniformity 
properties. Next, in Section [31 we expose a significant set of six instances of uniform strategy 
problems from the literature. Section 2] is dedicated to a short reminder about finite state trans- 
ducers that are used in the strategy synthesis problem addressed and solved in Section [S] We 
finish by a discussion on the work done and perspectives in Section [S] 

2 Uniform properties 

In this section we define a very general notion of uniform strategies. We consider two-player turn- 
based games that are played on graphs with vertices labelled with propositions. These propositions 
represent the relevant information for the uniformity properties one wants to state. If the game 
models a dynamic system interacting with its environment, relevant information can be the value 
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of some (Boolean) variables. If it models agents interacting in a network, interesting information 
can be the state of the communication channels. In games with imperfect information, it can be 
what action has just been played. 

From now on and for the rest of the paper, we let AP be an infinite set of atomic propositions. 

An arena is a structure Q — (V, i?, u/, £) where 1/ = Vi tt) V2 is the set of positions, partitioned 
between positions of Player 1 (Vi) and those of Player 2 (V2), E C [Vi x V2) U (V2 x Vi) is the 
set of edges, vj V is the initial position and £ : V ViAP) is a valuation function, mapping 
each position to the finite set of atomic propositions that hold in this position. 

For V GV, TraceSi^{v) C vV^ is the set of infinite traces starting in v, i.e. the set of infinite 
paths VQV1V2 ... in the game graph {V,E), with vq = v, and similarly TraceSf{v) C vV* is the 
set of finite traces starting in v, i.e. the set of finite paths vqVi . . . t;„ in (V, E), with vq = v and 
n > 0. We let TraceSui = Uv^vTraceSu;{v) and Traces^, = Ut,gyTraces,(u). Typical elements 
of Traces^o are tt, tt', and A, A' are typical elements of Traces^. Plays,^ denotes Tracesi^{vi) and 
PlaySf denotes Traces^{vi), respectively the set of infinite and finite plays in the game. We 
shall write p instead of A to distinguish finite plays from other finite traces. 

For an infinite trace tt — vqVi . . . and i,j G N, 7r[i] := Vi, 7r[i, 00] :— Wi^i+i . . . G TraceSi^ and 
7r[i,j] :~ Vi . . .Vj G Traces^,. We will use similar notations for finite traces, and |.| : Traces^, U 
Traces^: — > N U {ui} denotes the length of the trace. If A G Traces^, we let last{\) A[|A| — 1] 
be the last position of A. 

A strategy for Player k, k € {1, 2}, is a partial function a : Plays,, — >■ V that assigns the next 
position to choose in every situation in which it is Player fc's turn to play. In other words a{p) 
is defined if last{p) G Vfc. Let cr be a strategy for Player k. We say that a play vr G Plays^^ is 
induced by a if for alH > such that Tr[i] G Vi, Tr[i + 1] = cr(7r[0, i]), and the outcome of a, noted 
Out(cr) C PlaySuj, is the set of all infinite plays that are induced by cr. 

We want to express properties of strategies that do not concern only single traces but rather 
sets of correlated traces. We first give a very abstract definition. 

Definition 1 Let Q he an arena. A uniformity property U C 'P{Plays^) is a set of sets of plays 
in Q. 

Definition 2 Let Q be an arena and U a uniformity property. A strategy a is [/-uniform if 
Out{a) G U. 

This definition gives an idea of the notion we want to capture, but first this set-theoretic 
definition is not very intuitive, and moreover it is so expressive that automatically handling this 
notion in its generality is hopeless. We therefore restrict the notion of uniform strategy by fixing 
a formal language to specify uniformity properties. As demonstrated in the next section, the 
language is powerful enough to capture plethora of instances from the literature. 

The proposed language enables to express properties of the dynamics of plays, and resem- 
bles the Linear Temporal Logic {LTL) |GPSS80| . Howe ver, while LTL formulas are evaluated 
on individual plays (paths), we want here to express properties on "bundles" of plays. To this 
aim, we equip arenas with a binary relation between finite plays, and we enrich the logic with 
a modality R that quantifies over related plays: the intended meaning of Rip is that Lp holds in 
every related play. 

For the general presentation of the logic, we do not make yet assumptions concerning the 
binary relation over plays, as opposed to Section [5] dedicated to decidability issues. 

We now give the syntax and semantics of the language £. 
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2.1 SyntcLx 

The syntax of the language C is the following : 

C : (fijil^ ::— p \ -^(p \ (p A il> \ Op \ ipU xp \ Rip 

where p is in AP. As usual we will use the following notations : true :— pW^p, false := -itrue, 
Fp :— true U p, Gp := -iF^p), and pWip := p> U ip \/ Gp>. In addition we will use the following 
notation: {R)p :~ -^R^ip, and for a formula ip G C, Sub{p) denotes the set of all its subformulas. 

The syntax of C is similar to that of linear temporal logic with knowledge |HV89| . However, 
we use R instead of the usual knowledge operator K to emphasize that though it has a strong 
epistemic flavour, notably in various application instances we present here, it need not be inter- 
preted in terms of knowledge in general, but merely as a way to state properties of bundles of 
plays. 

Definition 3 For a formula p G C, we define the i?-depth 0/1^9, denoted dii{ip) , as the maximum 
number of nested R modalities in p. For n > 0, let Cn = {p> C \ dii{p>) = n} be the set of 
formulas of R- depth n. 

We note LTL the language £„ as it matches the syntax (and also the semantics) of the 
Linear-time Temporal Logic of |GPSS80] . 

2.2 Semantics 

To give the semantics of C we take an arena Q = {V, E, vj, t) and a relation ^ C Plays^. x Plays^- 
A formula p oi C is evaluated at some point i e N of a trace tt G Plays^o, within a universe 
n C PlaySi^. The semantics is given by induction over formulas. 



n,7r 


i ^p 


if 


p e l{n[i]) 




n,7r 


i ^ ^p 


if 


n,7r, i ^ (y9 




n,7r 


i \= p Alp 


if 


n, TT, « \= p and n, TT, i \^ ^p 




n,7r 


i h Op 


if 


n, TT, « + 1 ^ p 




n,7r 


i \= pU ip 


if 


there is j > i such that 11, tt, j ip and for all 


i < k < j, n, TT, fc 1= (y9 


n,7r 


i ^ Rp 


if 


for all tt' G n, j G N such that 7r[0,i] ^ 7r'[0, j] 


n,7r', j h f 



The LTL part is classic. Rp is true at some point of a trace if p is true in every related finite 
trace in the universe. 

We will sometimes need to evaluate an LTL-formula p in a position v of an arena, with the 
classic semantics that p holds in v if it holds in every trace starting in v. 

Formally, for an arena Q = {V^ E,vi,i), a position v d V and a formula p G LTL, we write 



Q,v\=pifT:,0\=p for all tt G TraceSi^{v) 
Here we can omit H because the formula has no R modality. 

Definition 4 Given an arena Q — (V, E,vi,l), a uniformity property is a pair (^, p) where ^ 
is a relation over Plays^ and p E C is a formula. 

Now we define two notions of uniform strategies, which differ only in the universe the R 
modality quantifies over: Out(<T) or Plays^j (with the latter, related plays not induced by the 
strategy also count). As we shall see in the examples of the next section, making a nuance is 
worthwhile. 
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Definition 5 Let Q be an arena and ('^, ip) he a uniformity property. A strategy a for Player 1 
is 

• (y9) -strictly-uniform if for all vr G Out{a), Out{a), t:,0 ^ if. 

• ('^, (ys) -fully-uniform if for all tt G Out{a), Plays^,, t:,0 ^ ip. 

The notion of fully-uniform strategy is in a sense weaker than the strictly-uniform one. In- 
deed, the fact that a particular play in an arena verifies a formula ip in the fully-uniform se- 
mantics, i.e. with Plays^ and not Out((T) as a universe, is independent of the strategy. Hence 
in the general definition of uniform strategies, a uniformity property U could be defined to be 
a set of plays instead of a set of sets of plays, and a strategy a could be said to be uniform if 
Out((T) C U instead of Out(cr) G U , it would still contain the notion of fully-uniform strategies. 
Strictly-uniform strategies could no longer fit in this definition though, as deciding whether a 
play verifies a formula in this semantics cannot be done without knowing the strategy. In this 
sense, strict uniformity is "stronger" than full uniformity. However, the notion of fully- uniform 
strategies still enables to characterize tree languages that are not even /i-calculus definable: in- 
deed, as observed by [ACZ06 , given a infinite tree. Property (*) that at every depth d > 0, 
there exist two nodes, one of which being labeled by, say p, and one of which not being labeled 
by p, cannot be w-regular (a pumpimg lemma argument suffices). Hence this property cannot 
be defined by any ^-calculus formula. However, we are able to characterize arenas whose tree 
unfolding has this property: consider the equivalence relation =iength which relates plays with 
equal length. One easily sees that the existence of a {=iength,G{{R)p A (i?)-ip))-fully-uniform 
strategy is equivalent to say that the tree unfolding of the arena has Property (*). 

Remark also that the relation ^ plays no role in Definition |5] if does not contain any 
R operator, hence it is a mere LTL formula. Notice that in this latter case, some standard 
w-regular (winning) conditions can be expressed over plays. The extension to a more powerful 
logic, such as the full propositional /x-calculus, in order to capture all cj-regular properties is a 
priori possible. However, for the examples considered in Section [3] this full power is not needed. 

3 Frameworks from the literature 

In this section we demonstrate that the notion of uniform strategy of previous Section [5] enables 
to embed various problems from the literature, and in particular that it subsumes two existing 
notions of uniform strategies. 

3.1 Games with imperfect information 

Games with imperfect information, in general, are games in which some of the players do not 
know exactly what is the current position of the game. This can occur in real games, 6.17. poker 
since one does not know what cards her opponents have in hands, but also in situations arising 
from computer science, like for example a program that observes or controls a system by means 
of a sub-part of its variables, the interface, while other variables remain hidden. One important 
aspect of imperfect-information games is that not every strategy is "playable". Indeed, a player 
who has imperfect information cannot follow a strategy in which different moves are chosen for 
situations that are indistinguishable to her. This is why strategies are required to choose moves 
uniformly over observationally equivalent situations. This kind of strategies is sometimes called 
uniform strategies in the community of strategic logics f |VB01l IBenOSI |JH04| 1. or observation- 
based strategies in the community of computer-science oriented game theory f |CDHR06| l. 
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In games with imperfect information, the player's abihty to remember what happened so far 
along a play is a key point to achieve a winning strategy, as opposed to e.g. perfect-information 
parity games, where memoryless strategies are sufficient. Moreover in an imperfect information 
configuration, it is necessary to define what situations are indistinguishable to the player, and 
this requires defining how much memory she has of what occurs in a play. It is therefore relevant 
under an imperfect information assumption to distinguish the perfect recall setting, as opposed to 
the imperfect recall one. In the former, the player remembers the whole history of the observation 
she had of a play, no matter how long it is, while in the latter the player forgets a part of the 
information. An agent with imperfect information can either be memoryless, i.e. he does not 
remember anything and takes his decisions only based on the current position, or have a bounded 
memory, but this case can be reduced to the memoryless case by putting the different possible 
configurations of his memory in the positions of the arena. 

While games with imperfect information and perfect recall have been studied intensively 
|Rei84l ICDHR061 |BD08J, the case of imperfect recall has received much less attention since 
paradoxes concerning the interpretation of such games were raised |PR97| . Nonetheless, relevant 
problems may be modeled with imperfect recall: typically, particular computing resources have 
very limited memory and cannot remember arbitrarily long histories. 

In this subsection, we show that the notion of "uniform" or "observation-based" strategy can 
be easily embedded in our notion of uniform strategy, and this no matter the assumption made 
on the memory of the player. 

We first consider two-player imperfect-information games as studied for example in |Rei84l 
ICDHR061 IBD08] . In these games. Player 1 only partially observes the positions of the game, 
such that some positions are indistinguishable to her, while Player 2 has perfect information 
(the asymmetry is due to the focus being on the existence of strategies for Player 1). Arenas 
are labelled directed graphs together with a finite set of actions Act, and in each round, if the 
position is a node v, Player 1 chooses an available action a, and Player 2 chooses a next position 
v' reachable from v through an a-labelled edge. 

We equivalently define this framework in a manner that fits our setting by putting Player I's 
actions inside the positions. We have two kinds of positions, of the form v and of the form {v, a). 
In a position v, when she chooses an action a. Player 1 actually moves to position (w,a), then 
Player 2 moves from (v, a) to some v' . So an imperfect-information game arena is a structure 
Gimp = (07 ~) where G — {V, E,vi,£) is a two-player game arena with positions in Vi of the 
form V and positions in V2 of the form (u, a). For a position (w, a) G V2, we note (v, a). act := a. 
E C Vi X V2UV2 X Vi, vE{v' , a) implies v = v' , vi £ Vi. We assume that pi e AP and for every 
action a in Act,, pa G AP. pi holds in positions belonging to Player 1, and pa holds in positions 
of Player 2 where the last action chosen by Player 1 is a: £{v) — {pi} for v ^ Vi, £{v, a) = {Pa} 
for {v,a) G V2. Finally, ~ C is an observational equivalence relation on positions, that 
relates indistinguishable positions for Player 1. We define its extension to finite plays as the least 
relation « such that p ■ v ~ p' ■ v' whenever p ~ p' and v ^ v' , and p ■ (v, a) ~ p' ■ {v' , a') whenever 
p ~ p' , V ^ v' and a = a' . 

We add the classic requirement that the same actions must be available in indistinguishable 
positions: for all v,v' £ Vi, ii v v' then vE{v, a) if, and only if, v' E{v' , a). In other words, if a 
player has different options, she can distinguish the positions. 

Definition 6 A strategy a for Player 1 is observation-based if for all p, p' G v{V2Vi)*, p ~ p' 
implies a{p).act = a(p').act. 

We define the formula 
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which expresses that whenever it is Player I's turn to play, there is an action a that is played in 
all equivalent finite play. 

Theorem 1 A strategy a for Player 1 is observation-based if, and only if, it is («. SajneAct)- 
strictly-uniform. 

Here we have to make use of the notion of strict uniformity, and not the full uniformity. 
Indeed, after a finite play 7r[0,i] ending in Vi, we want to enforce that the actions in the next 
positions of equivalent plays are the same only in those plays that are induced by the strategy 
we consider, and not in every possible play in the game. This would of course not hold as soon 
as several choices are possible in 7r[i]. 

Also, it is interesting to see that this notion could also be embedded with a simpler formula 
by using a relation that is not an equivalence. Define ^ as: 7r[0, i] ^ tt' [0, j] if 7r[i] e Vi, j = i + 1 
and 7r[0,i] « 7r'[0,i], and define the formula: 



Then a strategy a for Player 1 is observation-based if, and only if, it is {-^, SameAct ')-strictly- 
uniform. 

In this version, the relation is not refiexive, in particular plays ending in V2 are linked to no 
play, making Rip trivially true for any tp. This is the reason why we no longer need to mark 
positions of Vi with the proposition pi and test whether we are in Vi before we ask for some pa 
to hold in every reachable position. 

Finally, notice that to embed the case of imperfect-recall for example, one would just have to 
replace w with the appropriate relation. 

3.2 Games with epistemic condition 

Uniform strategies enable to express winning conditions that have epistemic features, the rele- 
vance of which is exemplified by the games with opacity condition studied in |MPB11| . In that 
case, R can represent a players' knowledge, or distributed knowledge between a group of players, 
or common knowledge, depending on the winning condition one wants to define. 

Games with opacity condition are based on two-player imperfect-information arenas with a 
particular winning condition, called the opacity condition, which relies on the knowledge of the 
player with imperfect information. In such games, some positions are "secret" as they reveal a 
critical information that the imperfect-information player wants to know (in the epistemic sense) . 

More formally, assume that a proposition ps € AP represents the secret. Let Qinf = {G, ^) be 
an imperfect-information arena as described in Section I3.1L with a distinguished set of positions 
S CVi that denotes the secret. Let G = (Y, E,vi,i) be the arena with £~^{{ps}) = S (positions 
labeled by ps are exactly positions v € S). The opacity winning condition is as follows. 

The knowledge or information set of Player 1 after a finite play is the set of positions that 
she considers possible according to the observation she has: let p € Plays^ be a finite play with 
last[p) G Vi. The knowledge or information set of Player 1 after p is I{p) :— {last{p') \ p' € 
Plays*, p w p'}. 

An infinite play is winning for Player 1 if there exists a finite prefix p of this play whose 
information set is contained in S, i.e. I{p) C S, otherwise Player 2 wins. Again, strategies for 
Player 1 are required to be observation-based. It can easily be shown that: 

Theorem 2 A strategy a for Player 1 is winning if, and only if, a is («, YRpg)- strictly-uniform. 
A strategy a for Player 2 is winning if, and only if, a is («, Gs^Rps) -fully-uniform. 



SameAct' := G 
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For the second statement of Theorem |5] we make use of the notion of full uniformity because 
we are interested in the knowledge of Player 1. We consider that she does not know what 
strategy Player 2 is playing, hence she may consider possible some plays that are observationally 
equivalent to her but not induced by this strategy. 

On the other hand, for the first statement, we use strict uniformity but could have used full 
uniformity instead. Indeed, since the actions chosen by Player 1 are part of what she observes, 
she cannot consider possible a finite play that has not followed her strategy until the point i 
considered. In fact, if tt is induced by a and 7r[0,i] « 7r'[0,«], then 7r'[0,i] is also induced by a. 
The future of the play may not follow sigma, but this is not a problem here. Indeed, the property 
that we consider on equivalent plays, ps, does not depend on the future. 

Notice that though we chose to illustrate with an example, any winning condition that could 
be expressed as a formula of the linear temporal logic with one knowledge operator would fit in 
our setting. 

3.3 Non-interference 

Non-interference, as introduced by | GM82| , is a property evaluated on labelled transition systems 
which handle Boolean variables. Such systems are tuples {S,I,0,6,si,0utput) where S is the 
set of states, X = iJttli is a set of Boolean input variables partitioned into high security variables 
H and low security variables L, O is the set of Boolean output variables, S : S x 2-^ ^ S is the 
transition function that maps each pair of state and input wiables valuatiorQ to a next state, 
si is the initial state, and Output : S ^2° is the output function that represents a mapping of 
states onto valuations of the Boolean output variables. We extend the transition function 5 to 
S X (2-^)* S* as expected: 5{s, e) = s and S{s, ua) = S{6{s, u), a). 

We define the i-equi valence, over (2^)* hy u u' whenever u and u' have the same 
length and they coincide on the values of the low security input variables, i.e. for all 1 < 
i < length{u), for all Z £ L, / G u{i) <^ I G u'{i). Given an infinite sequence of inputs 
w e (2'^)'^, we abuse notation by writing Output{w) for the infinite sequence of output variables 
valuations encountered in the states along the execution of the system on input w. A system 
{S,X,Ot 5, si, Output) verifies the non-interference property if for any two finite sequences of 
inputs w,w' G (2"^)*, w k,]^w' implies Output{w) — Output{w'). In other words, the valuations 
of high security variables have no consequence on the observation of the system. 

A first natural problem is to decide the non-interference property of a system. A second more 
general problem is a control problem: we want to decide whether there is a way of restricting the 
set of input valuations along the executions, or equivalently to control the environment, so that 
the system is non-interfering. By constraining the applied restriction to be trivial, the former 
problem is a particular case of the latter. We can encode the control problem in our setting. 

Let Sys — {S,I,0,6,si,0utput) be an instance of the problem, and write E for 2-^ with 
typical elements a,b, . . . Without loss of generality, we can assume that Sys is complete: every 
input valuation yields a transition. We define a two-player game arena that simulates the system, 
in which Player 1 fixes the environment, i.e. a subset of the possible inputs in the current state, 
and Player 2 chooses a particular input among those. More formally, let Qsys — {V,E,vj,£), 
with 1/ = V"i W ^2, Vi = (E l±) {e}) x S and V2 = 5* x 2^. A position (a, s) G Vi denotes a situation 
where the system reaches state s by an a-transition, and (s. A) G V2 denotes a situation where 
in state s, the set of possible inputs is A. The set of edges E of the arena is the smallest set such 
that {a, s)E{s, A) for all s G S*, a G E and A C E, and {s, A)E{a,S{s,a)) whenever s E S and 

^ we classically confuse valuations over a set B of Boolean variables with elements of 2^ . 
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a G A. The initial position of the arena is vj = (e, si), and by assuming that {po \ o G 2'-'} C AP, 
we set £{a,s) = i{s,A) = {poutput{s)} ■ 

By writing t for the canonical projection from Vi U V2 onto 2-^ (that is /,(e, s/) = l{s, A) = e 
and t(a, s) = a) and by extending l to finite plays as expected, we let p =l p' hold whenever 
t{p) ~i i{p').We now define the formula 



which captures the property that the valuations of output variables along =i-equivalent execu- 
tions of the system coincide, and we can establish the following. 

Theorem 3 There is a one-to-one correspondence between {= SameOutput)- strictly-uniform 
strategies of Player 1 and the controllers which ensure the non-interference property of the system. 

In particular, the trivial strategy of Player 1, where from any position (a, s) she chooses to 
move to (s, E), is {=L,SameOntput) -strictly-uniform if, and only if, the system has the non- 
interference property. 

Here we have to use the strict uniformity as we only want to consider the executions of the 
machine allowed by the control represented by the strategy. 

Notice that in order to make this control problem more realistic, one would seek a maximal 
permissive strategy/controller so that environments as "large" as possible are computed, but this 
is out of the scope of the paper. 

3.4 Diagnosis and Prognosis 

Diagnosis has been intensively studied, in particular by the discrete-event systems community 
(see for example ISSL+951 IYL02[ [CL99| 1. Informally, in this setting, a discrete-event system is 
diagnosable if any occurrence of a faulty event during an execution is eventually detected. More 
formally, diagnosability is a property of discrete-event systems which are structures of the form 
Sys — (S*, E, So, A, s/, F), with S the set of states, S the set of events, Eq C E the observable 
events, A C 5 x E x 5 the transition relation, s/ the initial state and F C S the faulty states; 
we assume that once a faulty state is reached, only faulty states can be reached (the fault is 
persistent). We can rephrase this problem in our setting, with a single player simulating the 
system. Notice that since there is only one player, a strategy defines a unique infinite play. 

Here we assume that G AP represents the fact of being faulty. Let Gsys — {V,E,vj,£), with 
Vi = 0, F2 = (S W {e}) X 5, (a, s)E{b, s') whenever (s, b, s') € A, vj = (e, s/), and £{a, s) = {/} if 
s G F, $ otherwise. We write p =x;„ p' whenever the sequences of observable events underlying 
p and p' are the same (these sequences are obtained from the sequences of positions in the play: 
for each position of the form (a, s), keep its letter a if a G Eq, and delete it otherwise). In 
this game Player 1 never plays, all she does is look at Player 2 simulate the system. There is 
only one strategy for her, which is to do nothing, and all possible plays, representing all possible 
executions of Sys, are in the outcome of this strategy. 

Theorem 4 Sys is diagnosable if, and only if. Player 1 has a (=Soi ^Pf ^ F Rp f) -fully-uniform 
strategy in Gsys ■ 

Here again, since the outcome of the only possible strategy for Player 1 is the whole set of 
plays, we could equivalently choose full or strict uniformity. 

Prognosis is a companion of diagnosis, but focuses on the ability to predict that a fault will 
occur. Prognosability-like properties can be defined in our setting. As an example, we aim at 
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saying that a system is prognosable whenever the fact that a fault occurs in a system is known 
at least one step in advance. We define the following formula, which means that either a fault 
never occurs, or it occurs but we know it one step before it does. 

Prognose := {^pf)W{-^Pf A ROpf)) 
Using the same framework as for diagnosis, we can propose: 

Definition 7 A system Sys is prognosable if there is a (=^^, Prognosej-fuUy-uniform strategy 
for Player 1 in Qsys ■ 

3.5 Dependence Logic 

Dependence Logic is a fiourishing topic introduced recently by Vaananen jVaa07| . It extends 
first order logic by adding atomic dependence formulas dep(<i, . . . , which express functional 
dependence of the term i„ on the terms ii,...,t„_i. A dependence atom dep(a:o,xi) can be 
interpreted as "the value of Xi depends only on the value of xq", or "the value of xi is fully 
determined by the value of xq " . Evaluating a dependence between terms on a single assignment 
of the free variables is meaningless: in order to tell whether t depends on t' , one must vary the 
values of t' and see how the values of t are affected. This is why a formula of Dependence Logic is 
evaluated on a first-order model M. and a set of assignments for the free variables, called a team. 
If i is a term, M a model and s an assignment for the free variables in t, we note \t\^ E M the 
interpretation of t in the model M with the assignment s. 

Dependence Logic is inspired by Independence Friendly logic (IF logic), a logic defined by 
Hintikka and Sandu fHS89' . Van Benthem gives in |Ben05| an imperfect-information evaluation 
game for IF logic, using a notion of uniform strategy that corresponds with the classic notion of 
imperfect-information or observation-based strategy. 

For Dependence Logic, an evaluation game is also given in |Vaa07| . It is presented as a 
game with imperfect information, because strategies must verify some "uniformity constraint", 
which makes the game undetermined. However, the notion of uniform strategy in these games 
is not defined as "playing uniformly in positions of an information set", but rather as "playing 
such that, when positions of an information set are reached, some property uniformly holds in 
these positions". For this reason it is a notion of uniform strategy different from the one used by 
Van Benthem in |VB01I iBenOS] , and this game is not a game with imperfect information stricto 
sensu. 

We present the evaluation game, the uniformity requirement and then show that this notion 
fits in our setting. 

Let $ be a sentence (formula with no free variable) of Dependence Logic in negation normal 
form, i.e. only atomic formulas can be negated, and let M he a, first order model. t/'^((p) is 
a two player game between Player 1 and Player 2; positions are of the form (<p,n, s), where (p 
is a subformula of $, n is the position in $ of the first symbol of ip and s is an assignment 
whose domain contains the free variables of Lp. The index n is used to decide, given two positions 
containing the same dependence atom, whether they are the same syntactic subformulas of Lp or 
not. For a subformula Lp, len{ip) is the number of symbols in ip. The game starts in position 
((/?, 1, 0) and the rules are as follows: 
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position {tl = <2,n,s): if = pslf , Player 1 wins, 

position (-.(tl = ^2), ri, s): if Pilf = p2]lf , Player 2 wins 

position (i?ti . ..tm,n,s): if . . . I^mlf , Player 1 wins, 

position {^Rti . ..t^,n,sy. if M^M^ ■ ■ ■ I^mlf , Player 2 wins, 

position (dep(ti, . . . , tm), n, s): Player 1 wins, 

position (-idep(/:i, . . . , t,n),n, s): Player 2 wins. 

position ((/3 V i/', s): Player 1 chooses between position {if, n, s) and {ip, n + 1 + len{(p), s). 

position {ip A ip, n, s): Player 2 chooses between position {(p, n, s) and {tp, n + 1 + len{(p), s). 

position {3xip, n, s): Player 1 chooses a value a G M and moves to {ip, n + 2, s{x !-> a)) 

position {\/xip, n, s): Player 2 chooses a value a G M and moves to {ip, n + 2, s{x H> a)) 




xo = Tl V dep(xo, xi) 
{.To >-» 0, 
xi ^ 0} 



/ 



Xo = Xi V d6p(xy, Xi) 
{.T„ ^ 0, 

Xi 1} 



X(] =xi Vdep(xo,xi) 
{x„ ^ 0, 
.Tl >-> 2} 



\ 



\ 



XQ = Xi 


dep(xo,xi) 


xa = XI 


dep(xo,xi) 


xo = .Tl 


dep(xo, Xl) 


{xo 0, 


{xo [-> a, 


{xo ^ 0, 


{xu ^ Q, 


{x„ 0. 


{x[, ^ 0, 


xi ^ 0} 


xi 0} 


Xi h^. 1} 


Xl 1} 


Xl ^ 2} 


Xl 2} 



Figure 1: Evaluation game for Va;oVa;i {xq — xi V dep(a;o, xi)) with M — {0, 1, 2} 

Figure [1] represents (a part of) the game for the evaluation of the Dependence Logic formula 
VxoVa;i(xo = XiV dep(a;o, xi)) on a model Ai with domain M = {0, 1, 2}. This formula is not 
true in this model. Indeed, intuitively, if there are at least three elements in the domain, it is 
not because xq and xi do not have the same value that the value of xq determines the value of 
xi: there remain two possibilities for the value of xi that are not the one of xq. So there should 
not be a winning strategy for Player 1 for the evaluation game to be correct. 

In the first two rounds. Player 2 chooses a value for each of the universally quantified variables 
Xo and Xi. Then Player 1 chooses a disjunct and we reach atomic formulas. Green positions are 
winning for Player 1, red ones are winning for Player 2. The red arrows indicate a strategy for 
Player 1 (we focus on the subtree for xq = 0, we assume that Player 1 plays the same way in the 
others). We see that this strategy is winning for Player 1, while the formula is not true in the 
model. 

The problem comes from the fact that, as said earlier, a dependence atom must not be 
evaluated on a single assignment but on a set of assignments, a team. In the evaluation game, the 
team in which a dependence atom dep(ii, . . . , t„) should be evaluated is the set of assignments in 
leafs that contain dep(ti, . . . , tn) and are reached by the strategy. In the example, the assignments 
in the two leafs linked with the dashed line, {xq h> 0,xi i-^ 1} and {xq m- 0, xi i-^ 2} , are thus 
part of the team in which dep(xo,xi) should be evaluated (there are more in the two other 
subtrees not shown here). Then we see that this strategy should not be allowed as while both 
leaves agree on the value of xq, they do not agree on the value of xi. This observation leads to 
defining a certain notion of uniform strategy. 
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A strategy a for Player 1 is uniform in the sense of [Vaa07| if, for every two finite plays p, p' e 
Out(CT) such that last(p) = (dep(ti, . . . , tm), n, s, 1) and last{p') — (d.ep(ii, . . . , tm), n, s' , 1) con- 
tain the same (syntactically speaking) atomic dependence subformula, if s and s' agree on 
ti, . . . ,tm-i, then they also agree on tm- Then we have the expected property that a sen- 
tence if of Dependence Logic is true in a model A4 if Player 1 has a winning uniform strategy 

We characterize uniform strategies in the sense of [VaaO?' as uniform strategies in our sense. 
The game described above easily fits in our setting (we add loops on terminal positions so as 
to obtain infinite plays). Let $ be a sentence of Dependence Logic, and be a finite model. 
We call = {V,E,vi) the evaluation game defined above. For each object a G M of the 
domain we use one atomic proposition pa, and we also use the proposition pd to mark positions 
that contain dependence atoms. So we assume that {pa \ a £ M} \+) {pd} C AP, and we define 
— {ViE,vi,£), where the valuation £ is as follows : 

£{dep{ti,...,tm),n,s) = {pajPd} with a = |t,„]^ 
i{_,n,s) ^ 

We define the equivalence relation ~ on finite plays as the smallest refiexive relation such 
that if there is ip = dep(ii, . . . , i^) and n s.t last{p) = {ip,n,s), last{p') = {ip,n^s'), and 
Pils^ — [^il^^ for i = 1, . . . , n — 1, then p ~ p' . Now we define the formula 

AgreeOnLast := G{pd \/ Rpa) 

which expresses that whenever the current position contains a dependence atom dep(ti, . . . , tm), 
it agrees with all equivalent finite plays on some value a for tm- Since equivalent plays are those 
ending in a position that has the same dependence atom and agrees on the first m — 1 terms, it 
is easy to prove: 

Theorem 5 A strategy a for Player 1 in G'^ is uniform if, and only if, it is (~, AgreeOnLast) - 

strietly-uniform in . 

In this example again, the strict uniformity is needed, as we only want to catch leaves that 
are hit by the strategy. Also, note that here ~ is an equivalence because we take the reflexive 
closure of some transitive and reflexive relation. But as for observation based strategies, if we 
did not take the reflexive closure, we could avoid using the proposition pd and use the simpler 
formula 

AgreeOnLast' G \J Rpa 

Indeed the relation would not be reflexive: in particular plays not ending in a dependence 
atom would not be linked to any play, and Rlp would trivially hold for any Lp in these plays; this 
is why testing whether we are in a dependence atom before enforcing that some pa must hold 
everywhere would no longer be needed. 

3.6 Dependence logic and games with imperfect information 

As we said, the evaluation game for Dependence Logic presented in the previous subsection is 
said to be a game with imperfect information. We do not agree, because the difference between 
games with perfect information and games with imperfect information (at least in the perfect 
recall setting, it is not as clear otherwise, see |PR97| 1 lies in the fact that in the latter, some 
flnite plays are related, in the sense that they are indistinguishable to one of the players, and 
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this player must behave the same way in these related situations. Concerning the evaluation 
game for Dependence Logic, the difference with perfect-information games is that some plays are 
related, those ending in positions bound to the same atomic dependence formula dep{ti, . . . , tn) 
with valuations agreeing on ii, . . . , t„_i, and the valuations in these related positions must agree 
on tn- So it is not that players should behave the same way in related situations, but rather that 
the players should have behaved in such a way that the valuations for i„ are the same in related 
situations. 

But it is true that there is a similarity between these two constraints on allowed strategies, 
as shown by looking at the formulas of the uniformity properties capturing observation-based 
strategies (SajneAct) and uniform strategies in the sense of Dependence Logic (AgreeOnLast): 

SameAct = G{pi \J ROPa) and AgreeOnLast — G{pd \J Rpa) 

aeAct aeM 

In the first case, the same thing must happen in equivalent situations, whereas in the second 
case, the same thing must hold in equivalent situations. 

The resemblance is even more striking if we take the second versions: 

SameAct ' = G \J Rpa and AgreeOnLast ' = G \J Rpa 

a£Act aeM 

Neither semantics games for Dependence Logic are games with imperfect information in the 
classical sense, nor games with imperfect information can be easily described using the uniform 
strategy notion of |Vaa07| . but both can be characterized in a very similar way with our notion 
of uniform strategies. 



4 Regular relations 

The previous examples from the literature all fall into a particular class of binary relations, so- 
called re3MZar0 relations. They are characterized by some finite state machines called transducers 
|Ber79| . One way to see a transducer is to picture a nondeterministic automaton with two tapes, 
an input tape and an output tape. The transducer reads an input finite word on its input 
tape and writes out a finite word on its output tape. Notice that this machine is in general 
nondeterministic so that it may have several outputs for a given input word. Hence, transducers 
define binary relations. 

Definition 8 A Finite State Transducer (FST) is a tuple T — {Q, E, F, qi, Qp, A), where Q is a 
finite set of states, S is the input alphabet, F is the output alphabet, qi ^ Q is a distinguished 
initial state, Qf Q is a set of accepting states, and A C Q x (S U {e}) x (F U {e}) x Q is a 
finite set of transitions. 

Intuitively, (q, a, b, q') G A means that the transducer can move from state q to state q' by 
reading a and writing b (both possibly e). We also define the extended transition relation A*, 
which is the smallest relation such that: 

• for all q ^ Q, (g, e, e, q) £ A*, and 

• if (g, w, w', q') e A* and (q', a, &, q") £ A, then {q, w a,w' -b, q") e A*. 

"^Actually, the genuine vocabulary is "rational relations", but we prefer to use "regular relations" to avoid any 
misleading terminology in the context of game theory and rational players. 
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In the following, for q,q' E Q, w Cz S* and w' £ T* , notation q-\w/w']—^ q' means (q, w, w' , q') € 

A*. 

Definition 9 Let T ~ {Q, E, T, qi, Qp, A) be an FST. The relation recognized by T is 

[T] {{w,w') \we^*,w' e r*,3q E Qf, qi -l^/w']^ q}. 

In other words, a couple (w,w') is in the relation recognized by T if there is an accepting 
execution of T that reads w and outputs w' . 

Definition 10 Let S and T be two alphabets. A binary relation ^ C S* x F* is regular if it is 
recognized by an FST. 

We now recall some basic properties of regular relations that will be useful later on. The 
first property regards intersection (regular relations are not closed under intersection in general) 
and the second property regards composition. The interested reader is referred to jBer79| for 
technical details. 

Property 6 Let E and T be two alphabets. Let ^ C S* x F* be a regular relation, and let L 
and L' be two regular languages over E and F respectively. Then ^ Cl (L x L') is also a regular 
relation. 

Let T,,T,',T," be three alphabets. Let C E* x E'* and -^2 ^ S'* x E"* be two binary 
relations. 

Definition 11 The composition 0/^1 and ^2 is ^1 0^2^ x E"*, defined by: 

"^1 o {ip,p") I 3/9' e E'*,p^i p' and p' ^2 p"} 

Property 7 JEM65^ If ^1 and ^2 ai^e two regular relations recognized respectively by Ti and 
T2 , then o '^2 is also regular, and the composition of the transducers Ti o T2 recognizes 
o ^^2 ■ 

We close this section by taking two examples of binary relations involved in Section |3] and 
showing that they are regular. In fact, one can check that they all are. 

Example 1 We first consider an example induced by the imperfect-information setting of Sec- 
tion \3.l\ Let Qimp = iV,E,vi,£,'~^) be an imperfect-information game arena as described in 
Section \S.l\ Relation w C Plays^ is an observational equivalence over plays, generated by the 
equivalence ^ between positions. Consider the FST Tobs depicted in Figure [H with a unique 
initial state (ingoing arrow) that is also the final state (two concentric circles). It reads an input 
letter (a position) and outputs any position that is ^-equivalent to it. This FST recognizes a 
relation ~ over V* x V* , such that « = ~ n Plays^. Because Plays^ is a regular language (one 
can see Q as a finite state automaton). Proposition \d[ gives that ~ n Plays^ is also a regular 
relation, and in fact Q x Tobs x Q is a transducer that precisely recognizes «. 



Example 2 Consider another binary relation that is also an equivalence, but induced by some 
alphabetic morphism h : V — )■ O U {e}; two plays p and p' are equivalent, written p =0 p' , 
whenever h{p) — h{p'). This example generalizes the one of Section \3.4\ where the alphabetic 
morphism is a mere projection. In order to draw an FST for the relation =0, we need to fix 
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{v/v' I V ^ v'} 




{{v,a)/{v',a)\v^v'} 
Figure 2: Tobs, an FST for the equivalence relation ~ of Sections 13. II and 13.21 




Figure 3: Tq, an FST for the equivalence relation =o. 
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the set O. Assume O has only two elements blue and pink so that any position in the game is 
either observed as h{v) = blue or h{v) — pink or unobserved (the case h{v) — e). The FST Tq 
that recognizes =o is drawn in Figure O Once again, one should take the product of Tq with 
the game arena to restrict the relation to Flays,, x Flays,. Remark that contrary to the case of 
equivalence ss in Figure [H the equivalence =q does not preserve the length of plays. 

Example [T] is an example of a simple transducer, but in fact all relations of Section [3] can 
be recognized by the transducer given in Example |5] for an appropriate alphabetic morphism. 
In the next section, we will only consider regular relations over plays, i.e. the relation ^ in the 
model is recognized by some EST. 

5 Automated synthesis of fully-uniform strategies 

In this section, we study the problem of synthesizing fully-uniform strategies. We restricy finite 
arenas. Motivated by Section |4l we only consider regular relations, and as a consequence we 
always assume that the semantic relation between plays is described by a finite state transducer 
T. Still, when it is clear from the context, we write instead of \T]. Also, because we only 
consider full uniformity and no longer the strict one, it is understood in the semantics of a 
formula that the universe 11 is the set of plays of the considered game, hence we omit it when it 
is clear from the context. Eurthermore, we will sometimes make the semantic relation between 
plays explicit. All these conventions yield a notation of the form tt,? \=-^ ^ meaning that 
FlaySoj, n,i \= If with the i?-modality semantics based on the binary relation 

Einally, in this section, the size \Q\ of an arena Q is the number of positions, the size |r| of a 
transducer T is the number of states, and \ip\ is the size of formula ip. 

Definition 12 For each n £ N, we define the decision problem EUS„ by: 

EUS„ := {{Q, T,ip) \ Q is an arena and ([T], ip) is a uniformity propert]^ with ip € such that 
there exists a {[T], ip) -fully-uniform strategy for Player 1 in Q} 

The fully-uniform strategy problem is EUS:= UneN -'^USn 

Eor an instance {Q,T,ip) of EUS, its size is defined as \{0,T,ip)\ := \Q\ + \T\ + \ip\. 

Theorem 8 EUS„ is in 2-EXPTIME for n<2, and m n-EXPTIME for n>2. 

Corollary 9 The fully-uniform strategy problem is decidable. 

The rest of this section is dedicated to the proof of Theorem |5] We describe a powerset construc- 
tion for a new arena (Section 15. ip and a way to lift the semantic relation between plays to this 
powerset construction (Section 15. 2p . Next we show how to exploit this construction to reduce 
membership in EUSn+i to membership in EUS„ f Section 15. 3p . 

5.1 Powerset arena 

In games with imperfect information, the information set of a player after a finite play is the 
set of positions that are consistent with what she has observed. We define a similar notion in 
our setting, and we show that the regularity assumption on the relation is sufficient to compute 
information sets and build a powerset construction arena in which formulas of the kind Rip where 
p G LTL can be evaluated positionally. 
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Definition 13 Let Q be an arena, ^ C Playsl and p G Plays^. The information set after the 
finite play p is the set of terminating positions of related finite plays. Formally, I{p) = {v' \ 
3p' ■ v' e Plays^:, p p' ■ v'] . 

For an arena Q and a transducer T over Plays^t, we construct a powerset arena Q in which 
formulas of the form Rip can be evaluated positionally when ip ^ Cq. 

Unlike classic powerset constructions |Rei84l [CDHR06| . in our setting, the new information 
set after a move in the game cannot be computed knowing only the previous information set 
and the new position. To compute information sets, we need to simulate the nondeterministic 
execution of T, taking as an input the sequence of positions played and writing as output the 
related plays. This is why in our construction, positions do not contain directly information sets, 
but rather we add in the positions of the game sufficient information on the current configuration 
of the transducer. 

More precisely, two things are necessary: the set of states the transducer may be in after 
reading the sequence of positions played so far, plus for each of these states the set of possible 
last positions written on the output tape (because of nondeterminacy, different executions can 
end up in configurations with same state but different last letters on the output tape). We 
only need to remember the last letter on the output tape, and not the whole tape, because the 
information set which we aim at computing is just the set of the last positions of related plays. 

So positions are of the form {v,S,Last), where 5* C Q is the set of possible current states 
of T, and Last : S — > 'P{V) associates to a state q £ S the set of the possible last positions 
on the output tape of T if the current state is q. The transitions in this arena follow the 
ones in Q, we just have to maintain the additional information about the configuration of the 
transducer. In order to define the initial position vi = {vi, Si, Lastj) of Q we need to simulate 
the execution of T starting from its initial state and reading vj. To do so, we introduce an 
artificial position w_i that initializes the transducer before reading the first position of a play. 
Concretely, u_i = Last_i), with w_i ^ V a, fresh position, S'_i = {qi} because before 

starting the transducer is in its initial state, and Last^i{qi) — because nothing is written on 
the output tape. 

Definition 14 Let Q — {V,E,vi,£) be an arena and T — {Q,V,qi,QF, ^) be an EST such that 
[T] C Playsl. We define the arena § = {V,E,vi,?) by: 

• V = V X V{Q) X (Q ^ V{V)) l±) {v-i] 

• (u, S, Last) ^ {v, S' , Last') if 

- u — v^i and v — vi, or u ^ v, 

- S' = {q' \3qeS, 3 A' eV*, q ^[v/\'] 

- Last'iq') = {v' I 3q £ S,3X' G V*,q 

• vi is the only v (z V such that V-i ^ v. 

• i(v) = i{v) ifv^ {v, S, Last). 

Notice that Q has size \Q\ = 0{\Q\ x 2l'^l x 21^11^1). 

Regarding the definition of transitions, the first point means that transitions in E follow those 
in E, except for the only transition leaving that is used to define vi. The second point for 
the definition of S' expresses that when we move from u to v in Q, we give v as an input to the 



-> g'} and 

-[ii/A' ■ v']-^ q' , or q —[v/e]-^ q' and v' £ Last{q)} 



RR n° 8144 



20 



Maubert & Pinchinat 



transducer. So the set of states the transducer can be in after this move is exactly the set of 
states that can be reached from one of the previous possible states by reading v and writing some 
sequence of positions (possibly e) . We use the notation A because without loss of generality one 
could assume that the transducer can only output sequences of positions that form a valid path 
in the game graph. But it is not important here, the assumption that [T] C Plays^ is sufficient. 
Finally, the third point for the definition of Last' captures that if some position v' is at the end 
of the output tape after the transducer read v and reached q' , it is either because while reading 
V the last letter it wrote is w', or it wrote nothing and v' was already the end of the output tape 
before reading v. 

To finish with, vi is the only successor of and the valuation of a position in the powerset 
construction is the valuation of the underlying position in the original arena. 

Remark 1 We need to clarify the following definitions: 

• S' = {q' \ 3qeS, 3\' eV*, q -[t-/A']^ q'} and 

• Last'iq') = {v' \3qe S, 3\' eV*,q -[v/X' ■ v']-^ q' , or q -[f/eH <l' and v' e Last{q)} 

Indeed, in each one, there can be infinitely many such X' because of transitions that read nothing 
on the input tape. Still, S' and Last' can be computed in linear time in the size of A. To do so, 
for each q in S, we compute Sq^y = {{q' , v') \ 3X' G V* , q —[v/y ■ '«']—> q' , or q — [ii/e]— > q' and v' G 
Last{q)}. S' and Last' can be easily reconstructed from Uq^sSq,v For q G S, computing Sq^^ 
can be done by depth-first search, by first reading v and then only e, and remembering the last 
output. The search can be stopped when we reach a state that has already been visited. 

Let us take an arena Q and an FST T such that [T] C Plays^. For a position u of C/, we will 
access the different components of the position with the notations v. v, v. S, v. Last. 

There is a natural mapping / : Playsi^ Plays^^: for an infinite play vr G t/, we define /(tt) 
as the only play tt in Plays^ such that 7r[0].u • ??[!]. w • 7f[2].w . . . — tt. This is well defined because 
from a position u = (u, S, Last) in V, for v E V such that u — ?• u, there is a unique move v 
such that v.v — v. It is easy to see that / is a bijection. From now on we will slightly abuse 
notations: for a play tt G Plays^^, tt will denote /(tt), and for tt G PlaySuj, tt will denote /"^(tt). 
idem for finite plays. 

Definition 15 Let v — {v, S, Last) E V be a position in the powerset construction. Its local 
information set v. I is defined by: 

V.I :— (J Last{q) 

Definition [TSlmeans that a position v' is in the information set after a play p if and only if there 
is an execution of the transducer on the word seen so far that terminates in an accepting state 
with v' the last output. Actually, the local information sets correspond to the real information 
sets as expressed by the following proposition. 

Proposition 10 For all p G Plays^,, last{p).I — I{p). 

The rest of this subsection is dedicated to the proof of Proposition [TUl 

Lemma 11 Let p E Plays^, and let v := last{p) . Then, v.S = {q\3\' eV* ,qi —[p/X']-^ q] , and 
for each q G v.S, v.Last{q) = {v' \ 3\' G V*,qi -[p/A'- t/]^ q] . 
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Proof The proof is by induction on p. 

Case vj. We note vi = {vj, Sj, Last]), and start with the left-right inclusions for both equalities. 
Let q' € Si and v' £ Lastj{q). By definition of Lastj and Sj there is a q in S-i = {qi} 
(so q = qi) and a X' G V* such that qi — [t)//A']— >■ q', which proves the first inclusion. Since 
Last^i{qi) = by definition, the case A' = e is not possible. So there exists A" such that 
A' — A" • w', which gives us the second inclusion. 

The proofs for the two right-left inclusions are straightforward applications of the definitions 
of Si and Lastj. 

Case p ■ u -v, p G Plays^ U {e}. We note u ~ (u, S, Last) and v = {v, S' , Last'). For the two 
left-right inclusions, let q' G S' and v' £ Last'{q'). By definition of S' and Last' there is a q 
in 5* and a X'-^ G V* such that q -\vl\\\^ q', and either Aj = X' -v' for some A', or A'^^ = e and 
v' G Last{q). By induction hypothesis, we have that 5 = {q | 3A' G V* ,qi-[p- u/X']^ q}, so 
there exists A2 G V* such that qi — [p ■ it/Ay— > q, and by transitivity, qi —[p-u-v/\2 ■ ^'il^^ q' ■ 
This proves the first left-right inclusion. For the second one we split the two cases for X'^. 

• If X'l — X'^-v' for some A3, then by transitivity we have qi — [p ■«■«/>!,■ A'j ■ n']— q' , which 
proves the second left-right inclusion. 

• If X'l — e, then v' G Last{q). By induction hypothesis there is some A3 such that 
qi —[p ■ u/Ag ■ (/]—>■ q. By transitivity we obtain qi — [p ■ a ■ v/X'.^ ■ v']-^ q' , which also proves 
the second left-right inclusion. 

Now for the first right-left inclusion, take q' and A' such that qi -\p- u - v/X']-^ q' . Necessarily 
there exist A'j^, X'2 and q such that qi -[p ■ it/A'J— ;> q, q^v/X'^]-^ q' and A'j^ • A2 = A'. By induction 
hypothesis g G 5, so by definition of S' , q' G S' . For the second right-left inclusion, take 
q' G S', and take v' and A' such that qi —\p- u-v/X'- v']^ q' . Again, necessarily there exist 
X'l, X'2 and q such that qi —[p-u/X[]^ q, q — [w/Ay^^ q' and X'l ■ X'2 — X' ■ v' . By induction 
hypothesis q £ S. We distinguish two cases. 

• If A2 — e, then A'^ = A' • u', hence qi —[p-u/X'-v']^ q. By induction hypothesis, 
v' G Last{q), so by definition of Last', because q £ S and q — [u/e]— > q' , we obtain 
v' G Last'lq'). 

• If A2 = A3 • w' for some A3, then by definition of Last' , because q G S, we have 
v' G Last'iq'). 

This finishes the induction. |^ 

We can now terminate the proof of Proposition [TU] Let p G Plays^,, and let v = last(p) 
be of the form v = {v, S, Last). We remind that (Definition [T2]) I{p) ~ {v' G V \ 3p' ■ v' G 
Plays^,, p ^ p' ■ w'}. 

We start with the left-right inclusion. Let v' G v.l. By definition, v.I = UqgsnQj? Last{q), so 
v' G Last{q) for some q G S HQf. By Lemma [TT] there exists A' G V* such that qi — [p/A' ■ w']— > q, 
and because q G Qf, we have that {p,X' ■ v') G [T], which implies that p X' ■ v' . Since 
^ C Playsl, A' • u' G Plays^,, hence v' G I{p). 

For the right-left inclusion, take v' G /(p). There exists p' such that p' ■ v' G Plays^, and 
p p' ■ v' . By definition of T, there exists g G Qf such that qi ~[p/p' ■ «']—> g. By Lemma [TTl 
q £ S, and u' G Last{q). Since g G H Qf, G ^^--f- 
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5.2 Lifting transducers 

Let g be an arena, T an FST such that [T] C Playsl, and let § = Power(^,T). We describe 
how to build a transducer T that lifts [T] C Plays^ x Plays^ to Plays^, x Plays^. 

We note TJ, for the deterministic transducer that computes /, the bijection that maps a play 
p e P/ays* to the underlying play p £ Plays^,, and for the deterministic transducer that 
computes f~^. Both are easily built from Q, and |r4, | = \T'f \ = 0{\Q\). 

Definition 16 The lift of transducer T is f ^ Ti oT o T^. 

Notice that |f | = 0{\g\ x |T| x |g|). 

In the following we let ^ = [T] and — \T]. The following proposition follows directly 
from the definitions of Q and T: 

Proposition 12 For every ^3 G tt G Plays^j, i > 0, 

5.3 i?-elimination 

We establish that given an instance of FUS„-|-i, we can build in exponential space and time an 
equivalent instance of FUS„. 

Proposition 13 For all instance [Q,T,ip) o/ FUS„+i, there exists an instance {Q' ,T' , ip') of 
FUS„ computable in time exponential in \{Q,T,ip)\ such that: 

. (a, T, if) e FUS„+i iff {G', r, if') e FUS„ 
. = 0(2(151+1^^1)') 
. \T'\ = 0(20(iei+|T|)^) 
• l^'l = 0(|^|) 

The rest of the section is dedicated to the proof of Proposition [T5] Let {Q,T,Lp) be an instance 
of FUS„+i. 

Lemma 14 Let tt £ PlaySu), * > 0, and ip be an LTL— formula. 

TT, i Rip iff Q,u \^ ip for all u £ /(7r[0, i]). 

Proof We start with the left-right implication. Suppose that tt, i |= Rip holds, and take u £ 
/(7r[0,i]). We need to prove that Q^u\= p. To do so, we take tt' £ Tracesi^{u) an infinite trace 
starting in u and we prove that 7r',0 ^ ip. Since u £ /(7r[0,i]), by definition of the information 
set, there exists p ■ u d Plays^ such that 7r[0, i] p ■ u. We let j — \p\ and n" — p ■ tt' be such 
that = u. Clearly, tt" £ Plays^, and 7r[0,i] ^ 7r[0,j]. Since tt, i [= Rp holds, we have that 
7r",j ^ (p. And because p £ LTL, the fact that it holds at some point of a trace only depends 
on the future of this point, hence 7r"[j, oo], |= (p, i.e. tt', Q \^ p. 

For the right-left implication, suppose that Q^u \^ Lp for all u £ /(7r[0, i]), and take tt' £ 
Playsui, j > such that 7r[0,i] 7r'[0,j]. We have that ir'lj] £ /(7r[0,i]), so 5,7r'[j] |= p}. 
Because 7r'[j, oo] is in TraceSi^{7T'[j]), we have that 7r'[j, oo], \== p, hence n' ,j ^ ip. \ | 
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Lemma 15 Let tt G Plays^j, * > 0, and let (p he an LTL— formula. 

vf, i Rip iff Q,u ^ for all u £ 7r[z]./. 

Proof Let tt G PlaySu: and i > 0. By Proposition [121 for any ip G LTL, tt, i 1==^ iff tt, i 
i?iy9, and by Lemma [HI tt, j Rip iS Q,u \= ip for all u G /(7r[0, i]). Now, by Proposition [TUI 
7f[i]./ = /(7r[0,i]), which concludes the proof. |^ 

We now define how formulas of the kind Rip can be replaced by new atomic propositions, and 
how positions of the powerset arena can be marked with these new propositions: To an arena 
Q, a formula ip E C and a subformula Rip G Ci D Sub{ip) (if any), we associate a fresh atomic 
proposition that occurs neither in Q nor in ip. 

Definition 17 For ip G Cn+i, we define ip :— ^[pR^/Rip \ Rip G £i n Sub{ip)]. 
Example 3 RoRq = ROpRq 

Definition 18 For an instance (Q,T,ip) o/FUS„+i, we define the instance {Q,T,p) o/ FUS,i 
as {g\T\p') by: 

• Ifg^ (y, E, vi,£), then Q' = {V , E, vj, ?'), with 

£'{v) = i{v) U {pR^ \Rip e CiCi Sub{p) and Vu G v.I, g,u^ ip}. 

. T' = f 

ip' ^p 

From now on, for an instance {Q,T,p) of FUS„+i, we abuse notation by writing Q = 
{V, E,vj,£) for the modified powerset construction of Definition [T5] 

Lemma 16 Take an instance {Q,T,p) o/FUS„+i, and let {Q,T,ip) ~ {Q,T,p). Then for all 
TT G PlaySu, and i > 0, 

TT,i\^^ ip iffTT,i (p 

Proof By Proposition 1121 tt, i (yS iff tt, i ip, so it only remains to show that tt, i \=.c p> 
iff TT , i (p. We prove it by induction on p. The cases ip = p,ip = -iip, ip = ip\/ ip' ,p = Qip, p = 
Ip U Ip' are trivial. It remains to consider the case p = Rip, which decomposes into two subcases 
depending on dniip): 

• If dii{ip) > 0, then ip — Rip. We then have: 

TT,i ^-o Rip iff Vtt'jJ s.t. 7f[0,i] -^7f'[0,j], tt' ,j 1=^ Ip 

iff Vtt'jJ s.t. Tf[0,i] -^Tf'[0,j], tt' ,i ip (by induction hypothesis) 

iff TT , i Rip 

• If dfj{ip) = 0, that is Ip € LTL, then ip = pn^p. 

TT, i ^-o Rip iS Q,u \^ Ip for all u G tt [z]./ (by Lemma [T5)) 

iff PRi, e £{n \i] ) (by Definition [H]) 

iff TT , i pr^ 
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□ 

We can now achieve the proof of Proposition [13] Take an instance {Q, T, (p) of FUS„+i. We 

show that {Q,T,(p) = {Q,T,(p) is a good candidate. Notice that the natural bijection between 

PlaySi, and Plays^, induces a bijection between strategies a in Q and strategies a in Q, such that 

for every strategy a in Q, if we note Out{a) := {n \ tt G Out(cr)}, then Ont{d) = Out{a). 

Let a be ( [T] , (p)-fully-uniforni in Q. If tt G Out(CT), then tt e Out(cr), hence tt G Out(o'). 
Because a is ([T], </?)-fully-uniform. tt, By Lemma fTOl we conclude that tt , which 

means that a is ([T], ^)-fully-uniform in C?. Since dR{ip) — dR{ip) — 1 = n, {Q,T,Lp) G FUS„. 

Assume {Q, T, ip) € FUS„, that is there exists a strategy a which is ([T], (^)-fully-uniform in Q. 
Any play tt G Out(o') is uniquely associated to a play tt G Ont(a) — Out(CT), which by assumption 
satisfies n, if. By Lemma [TOl tt, (p, which shows that a is {[T], c/?)-fully-uniform in Q. 

This achieves the proof of the first point of Proposition [T21 For the second point, recall Def- 
inition [H that gives 1^1 = 0{\g\ X 2l^l X 21^11^1), so that \g\ ^ 0(2(1^1+1^1)'). The third point is 
derived from this second point and Definition [TH |f | = 0{\g\ x |r| x |^|) = (9(2(1^1+1^1)' x |r| x 
2(I<?|+|T|)2-) ^ (9(2'^(l^l+l^l)'). Finally, the fourth point stating that |^| = 0{\ip\) is immediate by 
Definition [T71 

It remains to prove that {Q,T,ip) is computed in time exponential in \{g ,T, ip)\. Clearly, 
the powerset construction (Section 15. ip and the lifting of the transducer (Section 15. 2p both 
take exponential time in \g\ + |T|, hence in \(g ,T, (p)\. The marking phase in the i?-elimination 
(Definition lisp involves model checking at most \(p\ LTL-formulas on each position of the original 
arena Q . Model checking an LTL-formula in a given position requires polynomial space in | ^ | + 1 I 
|SC85| . Since PSPACE C EXPTIME, it is exponential in time. All in all, we need to model 
check an LTL-formula at most \Q\ x \ip\ times, so the whole marking phase is done in time 
exponential in \(g,T,ip)\. We conclude that (g,T,ip) can be computed in time exponential in 
\{g,T, (p)\, which terminates the proof of Proposition [T5] 

5.4 Complexity of FUS„ 

In this subsection we describe an algorithm that decides whether an instance {Q, T, (p) is in FITS, 
and we establish upper bounds for the FUS„ problem, for each n G setn. 

Algorithm [T] describes our decision procedure. It takes as an entry an instance (Q,T,ip) of 
FUS, and returns true if it is a positive instanc^, false otherwise. To do so, starting from 
(GajTojipo) = {g,T,ip), it successively applies the construction described in Subsection 15.31 to 
eliminate R operators in (p and to ultimately reduce the problem to solving an equivalent LTL 
game. 

It is known that solving LTL games has a time complexity doubly-exponential in the size 
of the formula, and that it is actually 2EXPTIME-complete |PR89| . We remind that solving 
an LTL game {Q,p), in the automata-theoretic formulation of this problem [ Var91J , can be 
done by the following procedure, that we will call in LTLGameSolver (see |PR89l I ALT04| ) . 
First, compute a nondeterministic Biichi tree automaton that accepts trees whose branches all 
verify the formula. This automaton is of size exponential in \ip\. Then, by for example Safra's 
construction [SafSSj , build an equivalent deterministic Rabin automaton A,p with a number of 
states doubly-exponential in p, and a number of pairs exponential in p. Then, with a linear 
cost in \Q\, transform the arena Q into a nondeterministic tree automaton Ag that accepts all 

''i.e., there exists a ([T], (^)-fully- uniform strategy in Q. 
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strategies of Player 1 in Q. Then, there exists a strategy whose outcomes all satisfy ip if and 
only if the product Rabin automaton x Ag accepts some tree. Deciding the emptiness of 
a Rabin tree automaton can be done time 0{{£m)^™), where £ is the number of states and m 
is the number of pairs of the Rabin automaton |Ros91| . Provided that for the product Rabin 
automaton A^ x Ag we have = x 2^'^' and m = 2l'''l, we finally obtain the following upper 
bound: 

Proposition 17 Solving an LTL game {G,(p) takes time d"^!'^ 

It is important to keep the size of the arena and the size of the formula apart for the moment, 
instead of just saying that it is doubly-exponential in the size of the entry, because in our decision 
procedure, the size of the iterated powerset constructions suffers a exponential blow-up, contrary 
to the successive formulas whose sizes remains unchanged (and even decrease since subformulas 
are replaced with atomic propositions). 

Input: {g,T,p) 

Output: true if {Q,T,(p) G FUS, false otherwise 
{Go,To,ipo) := {g,T,ip); 
k := 0; 

while dii{(pk) > do 

{gk+i,Tk+i,(pk+i) ■= {Qk,Tk,ifk)\ 

fc := fc + 1; 
end 

return LTLGameSolver{Qk, (fik) 

Algorithm 1: Decision procedure for the problem FUS. 

Theorem |5] as announced at the beginning of Section \5\ can now be proved. 
Let n S N, and let {g,T,(p) be an instance of FUS„. If n = 0, the body of the while in- 
struction is not executed, and we immediately call LTLGameSolver^Qo, ipo). By Proposition [TTJ 

this call takes time l^ol^ , hence it is 2-EXPTIME in \{g,T,ip)\. We next answer the case 
n > 0, and will distinguish the two particular cases n = 1 and n — 2. 

For convenience, we introduce notations for iterated exponential functions: for fc, n G N, 

.-.2" 

exp'^(n) — 2'^ }k. 

Lemma 18 For every 0<k<n, {Gkl ^ |Tfc| = ea;/'(0(|^| + 1^1)^). 

Proof By induction on fc, using Proposition 1131 | | 

If {Q, T, (f) is an instance of FUS„, for 1 < fc < n, by Proposition [T31 the execution of the fc-th 
loop takes time exponential in \(Qk~i,Tk~i,(pk~-i)\- Hence bv Lemma llSI the time complexity for 
the k-th loop is expi(exp'=-i (0(1^1 + \T\)^) + \<p\) = 2l'^lexp'=(0(|6;| + \T\f), and the execution 
of the whole while instruction takes time ^WHILE where: 

n 

Awhile = ^2l'^lexp'=(0(|g| + |r|)2) 

fc=i 

= 2''^lexp"(0(|g| + |r|)2) 
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By Proposition [T71 and Lemma [T51 solving the final LTL game {Qn,<fin) takes time ^ltLi 
where: 

= expi(exp"-i(0(|g| + |T|)2) * 20(l'^l)) 

We obtain that Algorithm 1 runs in time 9 = ^while + ^ltl- but since (for n > 0), ^WHILE 
is negligible compared to ^ltl, we obtain: 

9 = expi(exp"-i (0(1^1 + \T\)^) * 2^^^'^^^) (1) 

Additionally, for n = 1, the double exponential complexity stems from the size of the formula. 
For n = 2, because the size of the arena has taken two exponentials, the double exponential 
complexity comes both from the size of the formula and the size of the arena. Afterwards, 
since the arena keeps growing exponentially while the size of the formula remains the same, the 
complexity comes essentially from the size of the arena. This achieves the proof of Theorem [5] 

Note that the subroutine LTLGameSolver{On,(pn) of Algorithm 1, based on the automata- 
theoretic procedure of |PR89| , does not merely decide the existence of a winning strategy, but 
actually builds one (if any). Recall also that forgetful strategies are sufficient for LTL games, 
as they are particular cases of regular games which enjoy the "Forgetful Determinacy" |Zei94| . 
By the natural bijection invoked in the proof of Proposition [12] between strategies in a powerset 
arena and strategies in the original arena, one can trace the strategy in f/„ back to a ([To], 930)- 
fully-uniform strategy in the original game Go- 

Corollary 19 Forgetful strategies are sufficient for full-uniformity properties. 



6 Discussion 

We have investigated the concept of uniform strategies in two-player turn-based infinite-duration 
games, motivated by the many instances from the literature: games with imperfect informa- 
tion, games with epistemic condition, non-interference, diagnosis and prognosis, and Dependence 
Logic. Uniformity is addressed in the context of a semantic binary relation between plays of the 
arena, which can arise from any reason to relate plays with each others, e.g. an epistemic feature. 

In order to embrace all the examples we have encountered, and likely many potential others, 
we were led to designing a formal language whose sentences express the very uniformity properties 
of strategies. Clearly, the language-based approach offers intuitive definitions, while the set- 
theoretic one, which may capture a larger class of uniformity properties, is much less readable. 
The particular uniformity properties that have been addressed in the literature so far (Section 
can now more easily be compared. Our language is an enrichment of the Linear-time Temporal 
logic LTL [GPSS80 , hence it is interpreted over plays. The additional feature is captured by the 
modality R which quantifies universally over related plays. Whether this quantification ranges 
over all plays in the arena or just over outcomes of the considered strategy yields two variants 
of uniform strategies, namely fully-uniform and strictly-uniform strategies. 

The general procedure to decide the fully-uniform strategy problem is non-elementary. This 
may be the price to pay for a generic solution for arbitrarily complex uniformity properties, 
and we conjecture that the fully-uniform strategy problem is non-elementary hard. However, 
bounding the i?-depth of the formulas gives an elementary bound complexity, which seems inci- 
dentally to be the case for all the examples of Section |3] only formulas whose i?-depth is one are 
needed, so that the generic procedure has "only" a double exponential time complexity. Notice 
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that |MPB11| obtained a tighter (optimal) single exponential time bound for solving games with 
opacity condition, which corresponds to the fixed formula G^Rps of i?-depth equal to one and 
to a simple fixed binary relation between plays (see Section 13. 2p . Notice that if we fix a formula 
of i?-depth 1, the time complexity Equation ([T|) of our procedure collapses to a single exponential 
time complexity in the size of the arena and of the transducer. 

Our results can be extended and commented in many respects. We give here some of them. 

First, the choice we have made to rely on an enrichment of the LTL logic can be questioned 
- although this logic regarding properties of time is acknowledged in many respects. We may 
try to extend the synthesis procedure to a much richer logic like the Linear-time /i-calculus, a 
language extending standard linear time temporal logic with fix-point operators. But the current 
procedure relies on a bottom-up traversal of the parse-tree of the formula tp, which cannot be 
generalized to formulas with arbitrary fix-points. The LTL logic falls into the very particular 
so-called alternation-free fragment of the Linear-time /x-calculus, where fix-points do not inter- 
play. Significant progress in understanding this extended setting need being pursued. 

Second, we considered a single semantic binary relation between plays. One may wonder 
whether the case of several relations yielding modalities Ri at the language level, can be 
investigated at the algorithmic level. We foresee a generalization of our powerset construction 
by synchronizing the execution of all the transducers of the relations. We however remain cau- 
tious regarding the success of this approach since closely related topics such as the decentralized 
diagnosis problem is known to be undecidable |ST02| . Still the question is important as it would 
unify our setting with the Epistemic Temporal Logic ETL of |HV89| and bring light on the 
automated verification of ETL definable properties for open systems (see the modu/e-checking 
problem of [K V97J ). 

Additional comments are needed to fully understand the contribution, in particular regarding 
the recent developments of alternating-time epistemic logic |vdH W03 JH04, DEGIO^. The two 
settings are close but incomparable. With the uniform strategy concept, we aim at extending 
the range of (qualitative) properties of strategies by means of binary relations between plays, 
and at exploiting those properties to synthesize particular strategies. Instead, alternating-time 
epistemic logics offer a way to quantify over strategies that achieve ETL-like properties, hence 
they are not synthesis-oriented, and moreover, they do not handle arbitrary relations between 
plays. Unifying the two settings is a real challenge; we would need to design a (necessarily more 
complex) language that incorporates the specification of the relation(s) between plays. 
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